Linux Malware Detect (LMD), also called maldet, is a malware scanner released under the GNU GPLv2 license. It is built around the threats faced in shared hosting environments. LMD detects malware using MD5 file hashes and HEX pattern matches, and its signature data can easily be exported to any number of other detection tools such as ClamAV.
Download:
# cd /root/download
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Installation:
Extract that tar.gz file and install it.
# tar -xf maldetect-current.tar.gz
# cd maldetect-1.4.2
# ./install.sh
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(9594): {sigup} performing signature update check...
maldet(9594): {sigup} local signature set is version 201205035915
maldet(9594): {sigup} new signature set (2015042721507) available
maldet(9594): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
maldet(9594): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
maldet(9594): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
maldet(9594): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
maldet(9594): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
maldet(9594): {sigup} signature set update completed
maldet(9594): {sigup} 10749 signatures (8838 MD5 / 1911 HEX)
To find the maldet path:
# whereis maldet
maldet: /usr/local/sbin/maldet
Configuration:
To configure maldet, edit /usr/local/maldetect/conf.maldet:
# vim /usr/local/maldetect/conf.maldet
# [ EMAIL ALERTS ]
email_alert=1
email_subj="maldet alert from $(hostname)"
email_addr="yourname@domainname.com"
# [ QUARANTINE OPTIONS ]
quar_hits=1
quar_clean=1
quar_susp=1
quar_susp_minuid=500
email_alert : Set to 1 to receive email alerts.
email_subj : The subject line of alert emails; $(hostname) is included so you can identify the server.
email_addr : The email address that receives alerts from the server.
quar_hits : The default quarantine action for malware hits; it should be set to 1.
quar_clean : Set to 1 if you want detected malware cleaned on the server.
quar_susp : The default suspend action for users with hits; set it according to your requirements.
quar_susp_minuid : The minimum user ID that can be suspended.
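The settings above are only useful if they are actually in effect, so it is worth auditing conf.maldet after editing it. The following script is an added example and is not part of maldet or of the original post: it reads a conf.maldet-style file, checks the keys shown above (email_alert, email_addr, quar_hits, quar_susp, quar_susp_minuid), and reports settings that would leave hits unreported or unquarantined. The placeholder address and the "do not suspend UIDs below 500" rule are assumptions taken from the example values on this page; the two sample configs are constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example (not maldet's own code): audit a conf.maldet-style file for
# weak alerting and quarantine settings. Real use:
#   audit_maldet_conf /usr/local/maldetect/conf.maldet

# conf_get FILE KEY -> prints the value of KEY (last uncommented match,
# surrounding double quotes stripped, empty if the key is absent)
conf_get() {
    sed -n "s/^[[:space:]]*$2=\(.*\)$/\1/p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# audit_maldet_conf FILE -> prints one finding per line; returns 0 when the
# file passes every check and 1 when at least one finding was printed
audit_maldet_conf() {
    conf="$1"
    findings=0

    alert=$(conf_get "$conf" email_alert)
    addr=$(conf_get "$conf" email_addr)
    hits=$(conf_get "$conf" quar_hits)
    susp=$(conf_get "$conf" quar_susp)
    minuid=$(conf_get "$conf" quar_susp_minuid)

    if [ "$alert" != "1" ]; then
        echo "email_alert=$alert: scan hits will not be reported by mail"
        findings=$((findings + 1))
    fi
    # assumed placeholder: the address shown in this page's example config
    case "$addr" in
        ""|yourname@domainname.com)
            echo "email_addr is unset or still the placeholder: alerts have no recipient"
            findings=$((findings + 1)) ;;
    esac
    if [ "$hits" != "1" ]; then
        echo "quar_hits=$hits: detected files are reported but left in place"
        findings=$((findings + 1))
    fi
    if [ "$susp" = "1" ]; then
        case "$minuid" in
            ''|*[!0-9]*)
                echo "quar_susp=1 but quar_susp_minuid=$minuid is not a number"
                findings=$((findings + 1)) ;;
            *)
                # assumed policy: system accounts (uid < 500) must never be suspended
                if [ "$minuid" -lt 500 ]; then
                    echo "quar_susp_minuid=$minuid: user suspension could hit system accounts"
                    findings=$((findings + 1))
                fi ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}

# write_sample_conf weak|hardened -> writes a constructed conf.maldet excerpt
# to a temp file and prints its path (sample data, not a real config)
write_sample_conf() {
    f=$(mktemp)
    if [ "$1" = "weak" ]; then
        cat > "$f" <<'EOF'
# [ EMAIL ALERTS ]
email_alert=0
email_subj="maldet alert from $(hostname)"
email_addr="yourname@domainname.com"
# [ QUARANTINE OPTIONS ]
quar_hits=0
quar_clean=0
quar_susp=1
quar_susp_minuid=0
EOF
    else
        cat > "$f" <<'EOF'
# [ EMAIL ALERTS ]
email_alert=1
email_subj="maldet alert from $(hostname)"
email_addr="secops@example.com"
# [ QUARANTINE OPTIONS ]
quar_hits=1
quar_clean=1
quar_susp=1
quar_susp_minuid=500
EOF
    fi
    echo "$f"
}

# Stand-alone demo over both constructed samples
for mode in weak hardened; do
    f=$(write_sample_conf "$mode")
    echo "== $mode sample =="
    if audit_maldet_conf "$f"; then
        echo "no findings"
    fi
    rm -f "$f"
done
```

The weak sample produces four findings (alerts off, placeholder recipient, quarantine off, suspension threshold at UID 0) and the hardened sample none; the exit status lets the check be dropped into a cron job or configuration-management run so a silently disabled scanner is noticed.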
Scanning:
To scan the /home directory, run:
# maldet -a /home
To scan all files in a given path (here every user's public_html):
# maldet -a /home/?/public_html
Scan all files in path (default: /home, wildcard: ?)
To watch a path in real time with inotify-based monitoring, use -m or --monitor:
# maldet -m /home
# maldet --monitor /home/username,/home/username
Linux Malware Detect v1.4.2
(C) 2002-2013, R-fx Networks <proj@r-fx.org>
(C) 2013, Ryan MacDonald <ryan@r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(10586): {mon} set inotify max_user_instances to 128
maldet(10586): {mon} set inotify max_user_watches to 61440
maldet(10586): {mon} added /home to inotify monitoring array
maldet(10586): {mon} starting inotify process on 1 paths, this might take awhile...
To update maldet to the latest version:
# /usr/local/maldetect/maldet -d
maldet(10671): {update} checking for available updates...
maldet(10671): {update} hashing install files and checking against server...
maldet(10671): {update} latest version already installed.